Several major security vendors, including Cisco Systems, InfoExpress, Sygate, and Zone Alarm, are working to make it easier to protect network "end points," where users connect to the network. Cisco, for example, continues to develop its Network Admission Control technology, which frisks systems to make sure their security is active and up to date before granting them access to the network.

Intrusion-prevention technology, offered by Cisco with its Cisco Security Agent and by McAfee Inc. (formerly Network Associates) in its IntruShield Network IPS and Entercept Host IPS, are drawing increased attention from business-technology managers, though many say they're not yet ready for widespread deployment. These systems work by spotting "bad" system or network behavior and blocking malicious activity.

New and better security tools are needed because threats continue to grow. Many security professionals worry that cyberterrorism could move from the realm of fiction to reality. "Terrorists may start to become more aggressive in the area of computer attacks," says Gerry Coady, managing director and chief architect for the strategic enterprise solutions group at Xcel Energy Inc., a major electric and natural gas provider.

The threat of state-sponsored attacks became real earlier this year when several foreign newspapers reported that the chief of the South Korean Defense Security Command said in a speech that North Korea is operating a hacking unit to steal information from government agencies and research centers in South Korea. "There's no question that [cyberterrorism] will become one of the ways industry and commerce is damaged in the future," Coady says.

That's why security experts say it will take a concerted and coordinated effort to win the security war. "It will take builders, buyers, and users" working together to keep IT security on track, says the Business Roundtable's Armstrong. "Right now, I can point to all three and show you things they could be doing better."

Despite the pain caused by the onslaught of worms and viruses during the past year, UPS's Schwartz says there have been some benefits. With each new attack, "our defense level increases," she says. "We get smarter with each one, and each one gives us an opportunity to improve our process."

And business-technology managers will remain in a learning and improving mode as they wait for software applications and security tools to get better. Until then, businesses will continue to spend an increasing amount of time and money on security concerns.

Illustration by Christoph Niemann Continue to the sidebars:
"Disclosure: Security Pros Want Flaw Information Sooner and
Outsourcing: Not When It Comes To Security, Most Say"